ConnMan 1.41: client.c buffer overflow via DHCP (CVE-2023-28488)
CVE-2023-28488 Published on April 12, 2023

client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Products Associated with CVE-2023-28488

stack.watch emails you whenever new vulnerabilities are published in Intel Connman or Canonical Ubuntu Linux. Just hit a watch button to start following.

Intel Connman

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.05%

Percentile

16.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

ConnMan 1.41: client.c buffer overflow via DHCP (CVE-2023-28488)CVE-2023-28488 Published on April 12, 2023

Vulnerability Analysis

Products Associated with CVE-2023-28488

Exploit Probability

ConnMan 1.41: client.c buffer overflow via DHCP (CVE-2023-28488)
CVE-2023-28488 Published on April 12, 2023